
Strange behaviour on laptop


  • This topic is locked
17 replies to this topic

#1 almasat

  • Members
  • 26 posts

Posted 13 August 2017 - 11:02 PM

Hello,

Several strange things are happening simultaneously on the computer. I don't know if they are related.

1. I am using VPN extensions for Chrome and Firefox. Whenever I use these, the default Google search goes to google.com.ua and the location is Ukraine. Iplocator shows the location as Germany or UK, which matches the VPN extension IP. I have changed the extensions and the result is the same. If I reset the browser, things work normally for a while and then it's back to Ukraine.
2. When I start the laptop in the morning, there is a quick copying window. It's too quick to see what is being copied.
3. I had an error in the event log about dynamic DLLs being loaded at startup (Wininit EventID 11). That went away when I did a registry modification as described here: https://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/event-id-11-source-microsoft-windows-wininit/cf21d920-4a10-4b67-a850-c59b5f20d658
4. I am getting this error in the event log: "The system detected an address conflict for IP address ----- with the system having network hardware address ------ . Network operations on this system may be disrupted as a result". I also had an additional router showing up in the network with a slightly different name. I deleted that network.

The logs are as follows.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
Ran by Raj (administrator) on DESKTOP-MOI971O (14-08-2017 09:22:42)
Running from C:\Users\Raj\Desktop
Loaded Profiles: Raj (Available Profiles: Raj)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\igfxCUIService.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\igfxEM.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Flux Software LLC) C:\Users\Raj\AppData\Local\FluxSoftware\Flux\flux.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Users\Raj\Desktop\Tor Browser\Browser\firefox.exe
() C:\Users\Raj\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Users\Raj\Desktop\Tor Browser\Browser\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [7823824 2015-09-22] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074600 2016-08-28] (The Eraser Project)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-12-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8752592 2017-07-31] (Emsisoft Ltd)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2017-04-23] (QFX Software Corporation)
HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\...\Run: [f.lux] => C:\Users\Raj\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.225.1
Tcpip\..\Interfaces\{05f48935-ee50-464d-b93f-e92cd0c5ad2f}: [DhcpNameServer] 192.168.225.1
Tcpip\..\Interfaces\{b254e67b-2b43-464b-9f75-89f3b502f54a}: [DhcpNameServer] 192.168.225.1

Internet Explorer:
==================
HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1472886130458

FireFox:
========
FF DefaultProfile: v990vbb2.default-1479369694386-1502598586798
FF ProfilePath: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\v990vbb2.default-1479369694386-1502598586798 [2017-08-13]
FF Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\v990vbb2.default-1479369694386-1502598586798\Extensions\hotspot-shield@anchorfree.com.xpi [2017-08-13]
FF Extension: (HTTPS Everywhere) - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\v990vbb2.default-1479369694386-1502598586798\Extensions\https-everywhere@eff.org.xpi [2017-08-13]
FF Extension: (NoScript) - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\v990vbb2.default-1479369694386-1502598586798\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-08-13]
FF Extension: (Video DownloadHelper) - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\v990vbb2.default-1479369694386-1502598586798\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-08-13]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-08-09] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-08-09] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-08-09] [not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR DefaultSearchKeyword: Profile 1 -> lp
CHR Profile: C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default [2017-08-14]
CHR Extension: (Google Drive) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-07-20]
CHR Extension: (Video DownloadHelper) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2017-08-05]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Data Saver) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2016-05-29]
CHR Extension: (Gmail) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26]
CHR Extension: (Privacy Badger) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2017-07-25]
CHR Profile: C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-08-14]
CHR Profile: C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-08-14]
CHR Extension: (Google Drive) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-08]
CHR Extension: (Yukon Extension) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\belncckcaakhmonmcfmegbglccbjlebc [2017-05-31]
CHR Extension: (YouTube) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-07]
CHR Extension: (HTTPS Everywhere) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-07-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (AMP Validator) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmoffdblmcmgeicmolmhobpoocbbmknc [2017-07-04]
CHR Extension: (Transcribe: transcribe audio/interviews fast!) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm [2017-06-03]
CHR Extension: (Data Saver) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2016-06-23]
CHR Extension: (Evernote Web Clipper) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-05-31]
CHR Extension: (Gmail) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26]
CHR Profile: C:\Users\Raj\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9039536 2017-07-31] (Emsisoft Ltd)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\IntelCpHeciSvc.exe [303064 2017-02-20] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\IntelCpHDCPSvc.exe [480224 2017-02-20] (Intel Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [206712 2017-06-20] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3296632 2017-06-20] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-06-20] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-06-29] (Foxit Software Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\igfxCUIService.exe [341976 2017-02-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-19] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-23] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [52696 2017-06-28] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-02] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313191.inf_amd64_f86a31122289b968\atikmdag.sys [26565632 2016-12-07] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313191.inf_amd64_f86a31122289b968\atikmpag.sys [520584 2016-12-07] (Advanced Micro Devices, Inc.)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-09] (OSR Open Systems Resources, Inc.)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [347912 2016-08-03] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\igdkmd64.sys [11060192 2017-02-20] (Intel Corporation)
R3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [161408 2017-03-22] (Zemana Ltd.)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [233248 2017-02-20] (QFX Software Corporation)
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-05-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-13] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3517696 2017-04-13] (Intel Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-28] (Realsil Semiconductor Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [631200 2017-08-13] (IDRIX)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-06-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-06-13] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-14 09:22 - 2017-08-14 09:23 - 000022280 _____ C:\Users\Raj\Desktop\FRST.txt
2017-08-14 09:22 - 2017-08-14 09:22 - 000000000 ____D C:\FRST
2017-08-14 09:21 - 2017-08-14 09:22 - 002395648 _____ (Farbar) C:\Users\Raj\Desktop\FRST64.exe
2017-08-13 16:56 - 2017-08-13 16:56 - 000000053 _____ C:\Users\Raj\Desktop\New Text Document.txt
2017-08-13 09:55 - 2017-08-13 09:55 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-13 09:54 - 2017-08-13 09:55 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-12 21:29 - 2017-08-13 11:49 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2017-08-12 21:16 - 2017-08-12 21:16 - 038842783 _____ C:\Users\Raj\AppData\Local\census.cache
2017-08-12 19:44 - 2017-08-12 19:44 - 000266498 _____ C:\Users\Raj\AppData\Local\ars.cache
2017-08-12 14:16 - 2017-08-12 14:16 - 000000010 _____ C:\Users\Raj\AppData\Local\sponge.last.runtime.cache
2017-08-12 14:08 - 2017-08-13 11:13 - 000000000 ____D C:\Users\Raj\AppData\Local\Trend Micro
2017-08-12 14:08 - 2017-08-13 11:13 - 000000000 ____D C:\ProgramData\Trend Micro
2017-08-12 14:08 - 2017-08-12 14:08 - 000000000 ____D C:\WINDOWS\Trend Micro
2017-08-12 14:03 - 2017-08-12 14:03 - 002527376 _____ (Trend Micro Inc.) C:\Users\Raj\Downloads\HousecallLauncher64.exe
2017-08-12 14:03 - 2017-08-12 14:03 - 000000036 _____ C:\Users\Raj\AppData\Local\housecall.guid.cache
2017-08-12 14:03 - 2016-08-23 00:50 - 000332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-08-12 11:09 - 2017-08-12 11:10 - 000000000 ____D C:\Users\Raj\Desktop\Tor Browser
2017-08-10 17:03 - 2017-08-10 17:03 - 000525052 _____ C:\Users\Raj\Downloads\Perennial Seller- The Art of Making and Marketing Work that Lasts.azw3
2017-08-09 17:37 - 2017-08-02 00:51 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 17:37 - 2017-08-02 00:50 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-08-09 17:37 - 2017-08-02 00:16 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-08-09 17:37 - 2017-08-02 00:13 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-08-09 17:37 - 2017-08-02 00:02 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 17:37 - 2017-08-01 23:57 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-09 17:37 - 2017-08-01 23:57 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-08-09 17:37 - 2017-08-01 22:50 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 17:37 - 2017-08-01 22:50 - 001431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-08-09 17:37 - 2017-08-01 22:50 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 17:37 - 2017-08-01 22:50 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-08-09 17:37 - 2017-08-01 22:49 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-08-09 17:37 - 2017-08-01 22:49 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 17:37 - 2017-08-01 22:49 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 17:37 - 2017-08-01 22:49 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 17:37 - 2017-08-01 22:49 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 17:37 - 2017-08-01 22:48 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 17:37 - 2017-08-01 22:46 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 17:37 - 2017-08-01 22:46 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-08-09 17:37 - 2017-08-01 22:46 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 17:37 - 2017-08-01 22:45 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 17:37 - 2017-08-01 22:45 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-08-09 17:37 - 2017-08-01 22:45 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-08-09 17:37 - 2017-08-01 22:45 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-08-09 17:37 - 2017-08-01 22:40 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-08-09 17:37 - 2017-08-01 22:37 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 17:37 - 2017-08-01 22:29 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 17:37 - 2017-08-01 22:28 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-09 17:37 - 2017-08-01 22:26 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-08-09 17:37 - 2017-08-01 22:26 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-08-09 17:37 - 2017-08-01 22:25 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-09 17:37 - 2017-08-01 22:24 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-08-09 17:37 - 2017-08-01 22:24 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-08-09 17:37 - 2017-08-01 22:24 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 17:37 - 2017-08-01 22:23 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-08-09 17:37 - 2017-08-01 22:22 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-08-09 17:37 - 2017-08-01 22:22 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-08-09 17:37 - 2017-08-01 22:21 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-08-09 17:37 - 2017-08-01 22:21 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-08-09 17:37 - 2017-08-01 22:21 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-08-09 17:37 - 2017-08-01 22:21 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 17:37 - 2017-08-01 22:21 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 17:37 - 2017-08-01 22:20 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-08-09 17:37 - 2017-08-01 22:20 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-08-09 17:37 - 2017-08-01 22:20 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-08-09 17:37 - 2017-08-01 22:20 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-08-09 17:37 - 2017-08-01 22:19 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 17:37 - 2017-08-01 22:18 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-09 17:37 - 2017-08-01 22:18 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 17:37 - 2017-08-01 22:17 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-08-09 17:37 - 2017-08-01 22:17 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-08-09 17:37 - 2017-08-01 22:17 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-08-09 17:37 - 2017-08-01 22:17 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 17:37 - 2017-08-01 22:17 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-08-09 17:37 - 2017-08-01 22:15 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-08-09 17:37 - 2017-08-01 22:15 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-08-09 17:37 - 2017-08-01 22:11 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-08-09 17:37 - 2017-08-01 22:09 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 17:37 - 2017-08-01 22:09 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 17:37 - 2017-08-01 22:08 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-08-09 17:37 - 2017-08-01 22:07 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 17:37 - 2017-08-01 22:07 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-08-09 17:37 - 2017-08-01 22:07 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-08-09 17:37 - 2017-08-01 22:06 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-09 17:37 - 2017-08-01 22:05 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-08-09 17:37 - 2017-08-01 22:04 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-08-09 17:37 - 2017-08-01 22:04 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 17:37 - 2017-08-01 22:04 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-08-09 17:37 - 2017-08-01 22:03 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-08-09 17:37 - 2017-08-01 22:02 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-08-09 17:37 - 2017-08-01 22:02 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-09 17:37 - 2017-08-01 22:01 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-09 17:37 - 2017-08-01 22:01 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-08-09 17:37 - 2017-08-01 22:01 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 17:37 - 2017-08-01 22:01 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-08-09 17:37 - 2017-08-01 22:01 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-08-09 17:37 - 2017-08-01 22:01 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-08-09 17:37 - 2017-08-01 22:00 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 17:37 - 2017-08-01 22:00 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-09 17:37 - 2017-08-01 22:00 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-08-09 17:37 - 2017-08-01 22:00 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 17:37 - 2017-08-01 22:00 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-08-09 17:37 - 2017-08-01 22:00 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-08-09 17:37 - 2017-08-01 22:00 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-08-09 17:37 - 2017-08-01 21:59 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-08-09 17:37 - 2017-08-01 21:58 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 17:37 - 2017-08-01 19:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 17:37 - 2017-07-12 11:47 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-08-09 17:37 - 2017-07-12 11:45 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-09 17:37 - 2017-07-12 11:42 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-09 17:37 - 2017-07-12 11:31 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-08-09 17:37 - 2017-07-12 11:30 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-08-09 17:37 - 2017-07-12 11:26 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 17:37 - 2017-07-12 11:25 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-08-09 17:37 - 2017-07-12 11:25 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-08-09 17:37 - 2017-07-12 11:22 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-09 17:37 - 2017-07-12 11:05 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2017-08-09 17:37 - 2017-07-12 11:02 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2017-08-09 17:37 - 2017-07-12 11:02 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2017-08-09 17:37 - 2017-07-12 11:01 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 17:37 - 2017-07-12 11:01 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2017-08-09 17:37 - 2017-07-12 11:00 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2017-08-09 17:37 - 2017-07-12 10:59 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-08-09 17:37 - 2017-07-12 10:59 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2017-08-09 17:37 - 2017-07-12 10:55 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-08-09 17:37 - 2017-07-12 10:54 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys
2017-08-09 17:37 - 2017-07-12 10:53 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 17:37 - 2017-07-12 10:53 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-08-09 17:37 - 2017-07-12 10:51 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 17:37 - 2017-07-12 10:51 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2017-08-09 17:37 - 2017-07-12 10:49 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-08-09 17:37 - 2017-07-12 10:48 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-08-09 17:37 - 2017-07-12 10:45 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 17:37 - 2017-07-12 10:45 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-08-09 17:37 - 2017-07-12 10:44 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 17:37 - 2017-07-12 10:43 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 17:37 - 2017-07-12 10:42 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-08-09 17:37 - 2017-07-12 10:41 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-09 17:37 - 2017-07-12 10:40 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 17:37 - 2017-07-12 10:40 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-08-09 17:37 - 2017-07-12 10:39 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-08-09 17:37 - 2017-07-12 10:37 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-09 17:37 - 2017-07-12 10:35 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 17:37 - 2017-03-04 11:35 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-08-09 17:36 - 2017-08-02 01:02 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-08-09 17:36 - 2017-08-02 01:01 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 17:36 - 2017-08-02 00:59 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 17:36 - 2017-08-02 00:57 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 17:36 - 2017-08-02 00:55 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-09 17:36 - 2017-08-02 00:52 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-08-09 17:36 - 2017-08-02 00:52 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-08-09 17:36 - 2017-08-02 00:51 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 17:36 - 2017-08-02 00:51 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-09 17:36 - 2017-08-02 00:51 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 17:36 - 2017-08-02 00:51 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-08-09 17:36 - 2017-08-02 00:51 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 17:36 - 2017-08-02 00:51 - 000026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-08-09 17:36 - 2017-08-02 00:50 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-08-09 17:36 - 2017-08-02 00:50 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 17:36 - 2017-08-02 00:50 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 17:36 - 2017-08-02 00:50 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 17:36 - 2017-08-02 00:50 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 17:36 - 2017-08-02 00:48 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 17:36 - 2017-08-02 00:48 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-08-09 17:36 - 2017-08-02 00:48 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 17:36 - 2017-08-02 00:48 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-08-09 17:36 - 2017-08-02 00:48 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-08-09 17:36 - 2017-08-02 00:47 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 17:36 - 2017-08-02 00:47 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-08-09 17:36 - 2017-08-02 00:47 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-08-09 17:36 - 2017-08-02 00:47 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-08-09 17:36 - 2017-08-02 00:47 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-08-09 17:36 - 2017-08-02 00:43 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 17:36 - 2017-08-02 00:43 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-09 17:36 - 2017-08-02 00:43 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 17:36 - 2017-08-02 00:31 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 17:36 - 2017-08-02 00:27 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-08-09 17:36 - 2017-08-02 00:24 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 17:36 - 2017-08-02 00:23 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-08-09 17:36 - 2017-08-02 00:22 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 17:36 - 2017-08-02 00:22 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-08-09 17:36 - 2017-08-02 00:22 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 17:36 - 2017-08-02 00:21 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-09 17:36 - 2017-08-02 00:20 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 17:36 - 2017-08-02 00:18 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-08-09 17:36 - 2017-08-02 00:18 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-09 17:36 - 2017-08-02 00:18 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 17:36 - 2017-08-02 00:17 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-08-09 17:36 - 2017-08-02 00:17 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 17:36 - 2017-08-02 00:17 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-08-09 17:36 - 2017-08-02 00:17 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-08-09 17:36 - 2017-08-02 00:17 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-08-09 17:36 - 2017-08-02 00:17 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-09 17:36 - 2017-08-02 00:16 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-08-09 17:36 - 2017-08-02 00:16 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-09 17:36 - 2017-08-02 00:16 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-08-09 17:36 - 2017-08-02 00:16 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 17:36 - 2017-08-02 00:16 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-09 17:36 - 2017-08-02 00:16 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 17:36 - 2017-08-02 00:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 17:36 - 2017-08-02 00:16 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 17:36 - 2017-08-02 00:15 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 17:36 - 2017-08-02 00:15 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-08-09 17:36 - 2017-08-02 00:15 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-09 17:36 - 2017-08-02 00:15 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-08-09 17:36 - 2017-08-02 00:15 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 17:36 - 2017-08-02 00:15 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 17:36 - 2017-08-02 00:15 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 17:36 - 2017-08-02 00:14 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 17:36 - 2017-08-02 00:14 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-08-09 17:36 - 2017-08-02 00:13 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-08-09 17:36 - 2017-08-02 00:13 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-08-09 17:36 - 2017-08-02 00:13 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 17:36 - 2017-08-02 00:12 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 17:36 - 2017-08-02 00:12 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 17:36 - 2017-08-02 00:11 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-08-09 17:36 - 2017-08-02 00:10 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-09 17:36 - 2017-08-02 00:10 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 17:36 - 2017-08-02 00:10 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 17:36 - 2017-08-02 00:09 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 17:36 - 2017-08-02 00:09 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 17:36 - 2017-08-02 00:09 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-08-09 17:36 - 2017-08-02 00:09 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 17:36 - 2017-08-02 00:08 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-08-09 17:36 - 2017-08-02 00:08 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-08-09 17:36 - 2017-08-02 00:07 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 17:36 - 2017-08-02 00:06 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 17:36 - 2017-08-02 00:06 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-08-09 17:36 - 2017-08-02 00:05 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 17:36 - 2017-08-02 00:04 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 17:36 - 2017-08-02 00:03 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 17:36 - 2017-08-02 00:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-08-09 17:36 - 2017-08-02 00:03 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-08-09 17:36 - 2017-08-02 00:02 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 17:36 - 2017-08-02 00:02 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-08-09 17:36 - 2017-08-02 00:02 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-08-09 17:36 - 2017-08-02 00:00 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-09 17:36 - 2017-08-02 00:00 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-08-09 17:36 - 2017-08-02 00:00 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-08-09 17:36 - 2017-08-02 00:00 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 17:36 - 2017-08-01 23:59 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 17:36 - 2017-08-01 23:59 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-09 17:36 - 2017-08-01 23:59 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 17:36 - 2017-08-01 23:58 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-09 17:36 - 2017-08-01 23:58 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-09 17:36 - 2017-08-01 23:57 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-09 17:36 - 2017-08-01 23:57 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-08-09 17:36 - 2017-08-01 23:57 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-08-09 17:36 - 2017-08-01 23:57 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 17:36 - 2017-08-01 23:57 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-08-09 17:36 - 2017-08-01 23:57 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-08-09 17:36 - 2017-08-01 23:57 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-08-09 17:36 - 2017-08-01 23:56 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 17:36 - 2017-08-01 23:56 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-08-09 17:36 - 2017-08-01 23:55 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 17:36 - 2017-08-01 23:54 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-08-09 17:36 - 2017-08-01 23:54 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 17:36 - 2017-08-01 23:54 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-08-09 17:36 - 2017-08-01 23:54 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-08-09 17:36 - 2017-08-01 23:53 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 17:36 - 2017-08-01 23:53 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-08-09 17:36 - 2017-08-01 22:21 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 17:36 - 2017-08-01 22:17 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 17:36 - 2017-08-01 22:12 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 17:36 - 2017-08-01 22:10 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 17:36 - 2017-08-01 22:10 - 012187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 17:36 - 2017-08-01 22:07 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-08-09 17:36 - 2017-08-01 22:07 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-08-09 17:36 - 2017-08-01 22:03 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 17:36 - 2017-08-01 22:01 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 17:36 - 2017-07-12 11:46 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-09 17:36 - 2017-07-12 11:45 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 17:36 - 2017-07-12 11:45 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-08-09 17:36 - 2017-07-12 11:44 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-09 17:36 - 2017-07-12 11:43 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 17:36 - 2017-07-12 11:42 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 17:36 - 2017-07-12 11:39 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-09 17:36 - 2017-07-12 11:32 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 17:36 - 2017-07-12 11:32 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-08-09 17:36 - 2017-07-12 11:31 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-08-09 17:36 - 2017-07-12 11:30 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-09 17:36 - 2017-07-12 11:30 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2017-08-09 17:36 - 2017-07-12 11:29 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-09 17:36 - 2017-07-12 11:29 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-09 17:36 - 2017-07-12 11:29 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-09 17:36 - 2017-07-12 11:29 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-08-09 17:36 - 2017-07-12 11:29 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-08-09 17:36 - 2017-07-12 11:25 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-09 17:36 - 2017-07-12 10:55 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-09 17:36 - 2017-07-12 10:54 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2017-08-09 17:36 - 2017-07-12 10:54 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2017-08-09 17:36 - 2017-07-12 10:53 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-09 17:36 - 2017-07-12 10:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-08-09 17:36 - 2017-07-12 10:53 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-08-09 17:36 - 2017-07-12 10:53 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-08-09 17:36 - 2017-07-12 10:53 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll
2017-08-09 17:36 - 2017-07-12 10:52 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-09 17:36 - 2017-07-12 10:51 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-09 17:36 - 2017-07-12 10:51 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-08-09 17:36 - 2017-07-12 10:51 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2017-08-09 17:36 - 2017-07-12 10:50 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2017-08-09 17:36 - 2017-07-12 10:49 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-08-09 17:36 - 2017-07-12 10:49 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-09 17:36 - 2017-07-12 10:49 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 17:36 - 2017-07-12 10:47 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-08-09 17:36 - 2017-07-12 10:47 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-08-09 17:36 - 2017-07-12 10:46 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-09 17:36 - 2017-07-12 10:46 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 17:36 - 2017-07-12 10:45 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-09 17:36 - 2017-07-12 10:43 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 17:36 - 2017-07-12 10:42 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 17:36 - 2017-07-12 10:42 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-08-09 17:36 - 2017-07-12 10:42 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-08-09 17:36 - 2017-07-12 10:41 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 17:36 - 2017-07-12 10:40 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 17:36 - 2017-07-12 10:39 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-08-09 17:36 - 2017-07-12 10:38 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-09 17:36 - 2017-07-12 10:37 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 17:36 - 2017-07-12 10:37 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-08-09 17:36 - 2017-07-12 10:36 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 17:36 - 2017-07-12 10:36 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-08-09 17:36 - 2017-07-12 10:36 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-08-09 17:36 - 2017-07-12 10:33 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 17:36 - 2017-07-12 10:33 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 17:36 - 2017-07-12 10:32 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 17:36 - 2017-07-12 10:31 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 17:36 - 2017-07-12 10:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-08-09 17:36 - 2017-07-12 10:30 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-09 17:36 - 2017-07-12 10:29 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-08-09 17:36 - 2017-07-12 10:29 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 17:36 - 2017-07-12 10:29 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 17:36 - 2017-07-12 10:28 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 17:36 - 2017-07-12 10:28 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-08-09 17:36 - 2017-07-12 10:28 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 17:36 - 2017-07-12 10:27 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 17:36 - 2017-07-12 10:26 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-09 17:36 - 2017-07-12 08:19 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-09 17:36 - 2017-03-04 12:27 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-08-09 17:36 - 2017-03-04 11:46 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-08-09 17:36 - 2017-03-04 11:44 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-08-09 17:36 - 2017-03-04 11:37 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-08-09 17:36 - 2017-03-04 11:35 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-08-09 17:36 - 2016-09-07 10:54 - 000057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-09 17:36 - 2016-08-02 13:43 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 11:47 - 2017-08-09 11:47 - 000002840 _____ C:\Users\Raj\Documents\BB_170809-114746.txt
2017-08-08 11:17 - 2017-08-08 11:17 - 000345309 _____ C:\Users\Raj\Documents\Best-Practices-for-Long-term-Wealth-Creation-for-MF-Investors.pdf
2017-08-07 23:25 - 2017-08-07 23:25 - 000000000 ____D C:\Users\Public\Foxit Software
2017-08-07 23:24 - 2017-08-07 23:27 - 000000000 ____D C:\Users\Raj\AppData\Roaming\Foxit Software
2017-08-07 23:24 - 2017-08-07 23:24 - 000000000 ____D C:\Users\Raj\AppData\Roaming\Foxit AgentInformation
2017-08-07 23:24 - 2017-08-07 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-08-07 23:24 - 2017-08-07 23:24 - 000000000 ____D C:\ProgramData\Foxit Software
2017-08-07 23:24 - 2017-08-07 23:24 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2017-08-07 23:24 - 2017-08-07 23:24 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2017-08-07 17:46 - 2017-08-07 17:48 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-08-07 17:45 - 2017-08-07 17:49 - 000000000 ____D C:\ProgramData\TEMP
2017-08-07 17:45 - 2017-08-07 17:47 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-08-07 17:45 - 2017-08-07 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-08-07 17:45 - 2012-05-02 12:17 - 001070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2017-08-07 17:45 - 2009-03-24 13:52 - 000129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2017-08-07 15:23 - 2017-08-07 15:23 - 000001177 _____ C:\Users\Raj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2017-08-06 23:55 - 2017-08-14 09:17 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-08-06 23:55 - 2017-08-06 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-08-06 09:01 - 2017-08-06 09:01 - 000000000 ____D C:\ProgramData\Emsisoft
2017-08-05 10:06 - 2017-08-05 10:39 - 000000000 ____D C:\ProgramData\RogueKiller
2017-08-05 10:06 - 2017-08-05 10:06 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-05 10:05 - 2017-08-05 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-05 10:05 - 2017-08-05 10:05 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-05 09:18 - 2017-08-05 09:18 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\63CC18A0.sys
2017-08-05 05:45 - 2017-08-05 05:46 - 008095033 _____ C:\Users\Raj\Documents\stress.pdf
2017-08-04 18:39 - 2017-08-04 19:22 - 000000000 ____D C:\Program Files\mbar
2017-08-03 08:11 - 2017-08-03 08:11 - 004964024 _____ C:\Users\Raj\Downloads\The Making of Don.azw3
2017-08-02 15:37 - 2017-08-02 15:43 - 000000000 ____D C:\Users\Raj\AppData\Local\Thunderbird
2017-08-02 15:37 - 2017-08-02 15:37 - 000000000 ____D C:\Users\Raj\AppData\Roaming\Thunderbird
2017-08-02 15:36 - 2017-08-02 15:36 - 000001284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2017-08-02 15:36 - 2017-08-02 15:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-08-02 15:29 - 2017-08-02 15:29 - 000000000 ____D C:\Users\Raj\Documents\Takeout
2017-08-02 15:26 - 2017-08-02 15:27 - 019175518 _____ C:\Users\Raj\Documents\takeout-20170802T095359Z-001.zip
2017-08-02 09:47 - 2017-08-02 09:47 - 000663186 _____ C:\Users\Raj\Downloads\Logogram_Decks.zip
2017-08-01 09:48 - 2017-08-01 09:48 - 000001829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-07-31 22:53 - 2017-07-31 22:53 - 004353633 _____ C:\Users\Raj\Documents\Tim.Blogging.Hacks.pdf
2017-07-31 22:51 - 2017-07-31 22:51 - 011995611 _____ C:\Users\Raj\Documents\5-morning-rituals-that-help-me-win-the-day1.pdf
2017-07-28 10:06 - 2017-07-28 10:34 - 000000000 ____D C:\Users\Raj\Documents\mbar
2017-07-27 19:09 - 2017-07-27 19:11 - 042179032 _____ C:\Users\Raj\Downloads\Mastering_Kanji_1500.pdf
2017-07-25 17:55 - 2017-07-25 17:55 - 000003934 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration
2017-07-22 13:26 - 2017-08-13 16:58 - 000000000 ____D C:\Users\Raj\Hindi
2017-07-18 17:53 - 2017-07-18 17:53 - 000194859 _____ C:\Users\Raj\Documents\The Ultimate Guide to Habits – Peak Performance Made Easy.html
2017-07-18 17:53 - 2017-07-18 17:53 - 000000000 ____D C:\Users\Raj\Documents\The Ultimate Guide to Habits – Peak Performance Made Easy_files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-14 09:23 - 2017-06-28 11:41 - 000849148 _____ C:\WINDOWS\ZAM.krnl.trace
2017-08-14 09:23 - 2017-06-28 11:41 - 000165305 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-08-14 08:51 - 2016-05-05 14:28 - 000000000 __SHD C:\Users\Raj\IntelGraphicsProfiles
2017-08-13 21:19 - 2016-05-07 18:43 - 000000000 ____D C:\Users\Raj\AppData\Roaming\vlc
2017-08-13 20:50 - 2016-08-05 23:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-13 17:51 - 2017-05-09 19:09 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-13 17:51 - 2016-08-05 23:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-13 17:51 - 2016-07-16 11:34 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2017-08-13 17:02 - 2017-06-14 20:21 - 000000000 ____D C:\Users\Raj\AppData\Local\CrashDumps
2017-08-13 17:02 - 2016-07-16 17:15 - 000000000 ____D C:\WINDOWS\INF
2017-08-13 15:13 - 2016-08-05 23:14 - 000000000 ____D C:\Users\Raj
2017-08-13 14:05 - 2016-05-09 09:08 - 000000000 ____D C:\Users\Raj\dwhelper
2017-08-13 11:54 - 2016-02-01 17:12 - 002745434 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-13 11:52 - 2017-05-09 22:48 - 000000000 ____D C:\Users\Raj\AppData\Roaming\VeraCrypt
2017-08-13 11:40 - 2017-05-09 17:49 - 000631200 _____ (IDRIX) C:\WINDOWS\system32\Drivers\veracrypt.sys
2017-08-13 11:40 - 2017-05-09 17:49 - 000000000 ____D C:\Program Files\VeraCrypt
2017-08-13 11:35 - 2016-05-11 11:55 - 000000000 ____D C:\Users\Raj\AppData\LocalLow\Temp
2017-08-13 10:05 - 2016-11-17 13:31 - 000000000 ____D C:\Users\Raj\AppData\LocalLow\Mozilla
2017-08-13 09:55 - 2016-05-08 09:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-13 09:24 - 2017-05-09 17:30 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-12 11:10 - 2017-04-16 19:47 - 000000906 _____ C:\Users\Raj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-08-12 11:09 - 2016-05-29 19:17 - 000000000 ____D C:\Users\Raj\.FBReader
2017-08-12 10:40 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\rescache
2017-08-12 09:16 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-11 19:17 - 2016-05-05 14:24 - 000000000 ____D C:\Users\Raj\AppData\Local\ElevatedDiagnostics
2017-08-11 10:47 - 2017-04-24 17:33 - 000001669 _____ C:\Users\Raj\Desktop\e.txt
2017-08-10 19:05 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-10 18:20 - 2017-05-18 20:51 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-08-10 18:20 - 2015-10-30 11:58 - 000000000 ____D C:\Users\Default.migrated
2017-08-09 19:25 - 2016-02-01 17:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-09 19:22 - 2016-08-05 23:08 - 000302432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 19:20 - 2016-07-16 17:17 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 19:20 - 2016-07-16 17:17 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-09 19:20 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 19:20 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 19:20 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\Provisioning
2017-08-09 19:20 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-08-09 19:20 - 2016-07-16 17:17 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 19:20 - 2016-07-16 17:17 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-09 19:20 - 2016-07-16 17:17 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 19:20 - 2016-07-16 17:17 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-09 17:46 - 2016-07-16 17:06 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 17:40 - 2016-06-17 12:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 17:38 - 2016-05-14 20:06 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-07 17:46 - 2015-10-30 12:54 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-07 17:45 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-08-06 23:13 - 2017-05-07 09:27 - 000001074 _____ C:\DelFix.txt
2017-08-04 19:22 - 2017-04-17 12:49 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-04 18:43 - 2017-05-04 18:18 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-08-03 07:09 - 2016-05-07 17:10 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-02 19:43 - 2017-07-13 12:51 - 000000000 ____D C:\Users\Raj\Kindle_on1307
2017-08-01 10:22 - 2016-12-17 19:22 - 000000000 ____D C:\Users\Raj\AppData\Roaming\Wireshark
2017-08-01 09:48 - 2017-07-03 11:26 - 000000000 ____D C:\Program Files\Wireshark
2017-08-01 09:48 - 2016-12-17 19:18 - 000000000 ____D C:\Program Files (x86)\WinPcap
2017-08-01 09:47 - 2016-02-01 17:02 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-31 20:44 - 2016-07-16 17:19 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 20:44 - 2016-07-16 17:19 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-31 20:02 - 2017-06-13 12:39 - 000000000 ____D C:\Users\Raj\AppData\Local\NPE
2017-07-31 18:53 - 2016-08-10 19:14 - 000000000 ____D C:\Users\Raj\Documents\Kindle
2017-07-31 09:28 - 2017-05-02 15:44 - 000000000 ___RD C:\Users\Raj\Japanese
2017-07-28 10:07 - 2017-05-09 19:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-27 23:11 - 2016-05-05 22:58 - 000000000 ____D C:\Users\Raj\Leapforce
2017-07-25 17:54 - 2017-06-27 12:43 - 000000000 ____D C:\ProgramData\SupportAssist
2017-07-25 09:30 - 2017-05-09 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-23 19:04 - 2016-05-05 13:23 - 000000000 ____D C:\Users\Raj\AppData\Roaming\PCDr
2017-07-18 15:19 - 2016-05-24 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2017-07-18 15:19 - 2016-05-24 14:32 - 000000000 ____D C:\Program Files (x86)\Calibre2
2017-07-18 15:10 - 2016-05-24 14:32 - 000000000 ____D C:\Users\Raj\Documents\Calibre Library

==================== Files in the root of some directories =======

2017-08-12 19:44 - 2017-08-12 19:44 - 000266498 _____ () C:\Users\Raj\AppData\Local\ars.cache
2017-08-12 21:16 - 2017-08-12 21:16 - 038842783 _____ () C:\Users\Raj\AppData\Local\census.cache
2017-08-12 14:03 - 2017-08-12 14:03 - 000000036 _____ () C:\Users\Raj\AppData\Local\housecall.guid.cache
2016-08-16 13:29 - 2016-08-16 13:29 - 000000017 _____ () C:\Users\Raj\AppData\Local\resmon.resmoncfg
2017-08-12 14:16 - 2017-08-12 14:16 - 000000010 _____ () C:\Users\Raj\AppData\Local\sponge.last.runtime.cache
2016-12-26 10:02 - 2016-12-26 10:02 - 000047518 _____ () C:\ProgramData\agent.1482726766.bdinstall.bin
2016-12-26 10:03 - 2016-12-26 10:03 - 000028745 _____ () C:\ProgramData\agent.1482726826.bdinstall.bin
2016-12-26 10:13 - 2016-12-26 10:13 - 000028744 _____ () C:\ProgramData\agent.1482727395.bdinstall.bin
2016-12-26 10:42 - 2016-12-26 10:42 - 000029152 _____ () C:\ProgramData\agent.1482729156.bdinstall.bin
2016-12-26 17:46 - 2016-12-26 17:46 - 000048381 _____ () C:\ProgramData\agent.1482754582.bdinstall.bin
2016-12-27 10:03 - 2016-12-27 10:03 - 000028745 _____ () C:\ProgramData\agent.1482813235.bdinstall.bin
2017-05-06 20:32 - 2017-05-06 20:32 - 000047586 _____ () C:\ProgramData\agent.1494082959.bdinstall.bin
2017-05-07 09:46 - 2017-05-07 09:46 - 000047804 _____ () C:\ProgramData\agent.1494130567.bdinstall.bin
2017-05-09 18:32 - 2017-05-09 18:32 - 000030030 _____ () C:\ProgramData\agent.uninstall.1494334947.bdinstall.bin
2017-05-07 19:50 - 2017-05-07 19:50 - 000029963 _____ () C:\ProgramData\agent.update.1494166823.bdinstall.bin
2016-08-05 23:11 - 2016-08-05 23:11 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-05 09:43

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by Raj (14-08-2017 09:24:13)
Running from C:\Users\Raj\Desktop
Windows 10 Home Single Language Version 1607 (X64) (2016-08-05 18:00:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3363881303-3615463573-1429575272-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3363881303-3615463573-1429575272-503 - Limited - Disabled)
Guest (S-1-5-21-3363881303-3615463573-1429575272-501 - Limited - Disabled)
Raj (S-1-5-21-3363881303-3615463573-1429575272-1001 - Administrator - Enabled) => C:\Users\Raj
SophosSAUDESKTOP-MO0 (S-1-5-21-3363881303-3615463573-1429575272-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amazon Kindle (HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
calibre (HKLM-x32\...\{5B27E69E-F59D-4B62-901F-F6981C826A5A}) (Version: 3.4.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM\...\{F6179602-B81A-8280-ED6A-60C4CE3BFB44}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{84A7D3B6-F315-EB89-8B81-A7F5E97843BF}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B60CE830-8747-B6B4-3D76-D04799EF8F00}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{38E01689-ECCD-0B42-95D6-9FD56BDE11B4}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{B537565B-B778-33C9-6D73-D4C65E65C877}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9AA4635B-0074-9D40-2820-5AC2123C5E4E}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{D02B5EFD-8560-FE50-73CE-B08AD35DE353}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{77ACB171-E4C4-B9E6-363B-B43D05F2B31D}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{3BCEC951-192C-BF61-90AD-838419ED6BD7}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{74449FE3-5AF8-8A79-0E26-5286455FD89D}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{82FFDEB9-05BB-3CB2-3176-4913B1F34499}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{F9A05A5E-1F16-2250-D7BD-B1D89C388771}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{BC3E9171-36CB-644F-1CDF-D78FA385F648}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DB214277-8102-1BB2-B5C4-801F4D1E5FA5}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{FC03878F-379F-49AC-989A-0BAF64CBAF58}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{1C3ECA52-28D9-7ACD-D827-C3AD1385FF83}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E6F74259-2418-FA53-90C2-8BE208E12F69}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{88452244-BB97-1471-E8C6-14EFE80EB921}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{5E5438D8-A264-56E4-06F2-0A3F7B04D544}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{142C59E1-549F-1601-094B-9C9BF57A3851}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{360F558F-8E4D-55B8-9FA1-DEB550D7F337}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssistAgent (HKLM\...\{90881C8E-6C4F-4662-9923-85AFCA058C44}) (Version: 2.0.1.7 - Dell)
Dell System Detect (HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\...\d24084d039586cae) (Version: 8.4.0.5 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{EEA45885-F3E3-4E7D-8435-E9C21D36C141}) (Version: 3.0.0.2840 - Dell Inc.)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.4 - Emsisoft Ltd.)
Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
f.lux (HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\...\Flux) (Version:  - )
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.1.21155 - Foxit Software Inc.)
gamabhana fonftfreedom version 2016 (HKLM-x32\...\{30DC6BA9-0D64-4C58-B8FE-79824546C9A7}_is1) (Version: 2016 - gamabhana)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4590 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{52DA40D6-6EF4-4B28-B501-FC538ECE638C}) (Version: 19.01.1627.3533 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8431b7d7-59d1-4f45-8212-a2eac049528f}) (Version: 19.60.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.11.0.3 - QFX Software Corporation)
Leapforce Extension Native Host (HKLM-x32\...\{C15F26C8-6656-4A6A-A586-42872E7FFA2D}) (Version: 1.1.6 - Leapforce)
LibreOffice 5.3.4.2 (HKLM\...\{798CC630-3AA2-457E-B453-1EBBC3A4582F}) (Version: 5.3.4.2 - The Document Foundation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 55.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.1 (x64 en-US)) (Version: 55.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Mozilla Thunderbird 52.2.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.2.1 (x86 en-US)) (Version: 52.2.1 - Mozilla)
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
PX Profile Update (HKLM-x32\...\{0D5E5C9A-84C2-D3E9-30EE-1836BA479E0E}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{8DC1990E-2E49-BEA6-D083-C26A2BB218F9}) (Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.009 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.9.0 - Adlice Software)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.21 - IDRIX)
Virtual Audio Cable 4.15 (HKLM\...\Virtual Audio Cable 4.15) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.2 - win.rar GmbH)
Wireshark 2.4.0 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.0 - The Wireshark developer community, hxxps://www.wireshark.org)
Zemana AntiLogger (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiLogger\ZAMShellExt64.dll [2017-06-17] ()
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-06-10] (Alexander Roshal)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\igfxDTCM.dll [2017-02-20] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiLogger\ZAMShellExt64.dll [2017-06-17] ()
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers6-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-06-10] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07C5E538-CF62-46CC-B8E9-EA1EE0A3309C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-07] (Google Inc.)
Task: {2047B541-1788-400E-8BD7-F8BC98F52485} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {30169E8C-AF3D-4BAC-AF27-22E27F6FB8D2} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-06-28] (Dell Inc.)
Task: {4D6CB832-2654-435D-87E4-357AE5BCD95B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-07] (Google Inc.)
Task: {5A537394-1582-4A55-9095-CAD139224E09} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {958AD575-00FA-4C3A-AA91-409E542C338E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {9CA3B792-D648-41E7-9CBB-BC5EB3D6CE7C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {B6151DFE-C0E3-45D2-A205-01DEC3C39394} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-06-28] (Dell Inc.)
Task: {E0A020DE-473B-4102-B54E-55C1427E9A1D} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor)
Task: {F4AB147E-AAF7-48AB-880A-C4526DEB9946} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP MOI971O

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Raj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\LF - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 17:12 - 2016-07-16 17:12 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-13 01:55 - 2017-06-21 13:18 - 002681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-05 23:33 - 2016-08-05 23:33 - 000959168 _____ () C:\Users\Raj\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-09-22 19:00 - 2016-09-07 10:26 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-20 09:58 - 2017-03-04 12:01 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-20 09:58 - 2017-03-04 11:42 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-20 09:58 - 2017-03-04 11:35 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-20 09:58 - 2017-03-04 11:35 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-09 17:36 - 2017-08-01 23:56 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-09 17:36 - 2017-08-02 00:01 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-08-03 07:09 - 2017-08-02 13:09 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-03 07:09 - 2017-08-02 13:09 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
2000-01-01 05:30 - 2000-01-01 05:30 - 003282432 _____ () C:\Users\Raj\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
2016-12-21 10:24 - 2016-12-21 10:24 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-09-19 13:04 - 2015-09-19 13:04 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2000-01-01 05:30 - 2000-01-01 05:30 - 000093535 _____ () C:\Users\Raj\Desktop\Tor Browser\Browser\libssp-0.dll
2000-01-01 05:30 - 2000-01-01 05:30 - 000720153 _____ () C:\Users\Raj\Desktop\Tor Browser\Browser\TorBrowser\Tor\libevent-2-0-5.dll
2000-01-01 05:30 - 2000-01-01 05:30 - 000093535 _____ () C:\Users\Raj\Desktop\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll
2000-01-01 05:30 - 2000-01-01 05:30 - 000524198 _____ () C:\Users\Raj\Desktop\Tor Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll
2000-01-01 05:30 - 2000-01-01 05:30 - 000107520 _____ () C:\Users\Raj\Desktop\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Raj\Pictures\Saved Pictures\shinjuku-japan-rain_95377_990x742.jpg
DNS Servers: 192.168.225.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run32: => "Eraser"
HKLM\...\StartupApproved\Run32: => "Malwarebytes TrayApp"
HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\...\StartupApproved\Run: => "Kaspersky Software Updater"
HKU\S-1-5-21-3363881303-3615463573-1429575272-1001\...\StartupApproved\Run: => "KSS"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{42E1CCF1-7B06-4BF3-AA48-79374DC47C72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27BA3F49-75F6-42E0-BFAF-EA380E1A8691}] => (Allow) C:\Users\Raj\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F90E079D-FD04-41A1-B8F7-E8B757388F29}] => (Allow) C:\Users\Raj\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{48D1AE60-6F73-4927-A4AC-3FB0806D3BCE}] => (Allow) C:\Users\Raj\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{46198B7F-809C-4493-A1B4-57940CB39F85}] => (Allow) C:\Users\Raj\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7099CD32-C78B-4ECE-9E3F-300692B41137}] => (Allow) C:\Users\Raj\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0188AFEA-BD30-4B86-8A54-A85D3E9FC4BA}] => (Allow) C:\Users\Raj\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D11F509A-B8AD-4C72-A924-266440DC8C3E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2A9B4316-45F2-4CB5-92C4-1F9FF5E5CDAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{323BDC7D-C78D-422F-B4C0-9F23E163D3A7}] => (Allow) C:\Users\Raj\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
FirewallRules: [{4B9FF6B1-CC25-46BD-B267-5C79819AD2EC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{76A30D4A-2767-45EA-8155-47595C4DCBB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FE3866A5-8712-492F-9674-583706E75CC7}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe

==================== Restore Points =========================

08-08-2017 13:41:54 Scheduled Checkpoint
13-08-2017 11:40:15 VeraCrypt installation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2017 05:50:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0xb0c
Faulting application start time: 0x01d3142b9e6c5d52
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 09b45dd6-103e-438c-a207-08ef6ccd8d15
Faulting package full name:
Faulting package-relative application ID:

Error: (08/13/2017 05:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0xa74
Faulting application start time: 0x01d313fc1ffdb49b
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 1d3b769e-4ea4-4238-b462-0e5692dede5e
Faulting package full name:
Faulting package-relative application ID:

Error: (08/13/2017 04:44:39 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="5HCMJ72" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="1.2.8" SMBIOSPresent="True" Rel_Date="20170208000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5559" Ident_Num="DESKTOP-MOI971O" TimeZone="(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi" OSName="Microsoft Windows 10 Home Single Language"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.225.162</HostIP></Exception>

Error: (08/13/2017 04:44:37 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="5HCMJ72" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="1.2.8" SMBIOSPresent="True" Rel_Date="20170208000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5559" Ident_Num="DESKTOP-MOI971O" TimeZone="(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi" OSName="Microsoft Windows 10 Home Single Language"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.225.162</HostIP></Exception>

Error: (08/13/2017 01:09:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program soffice.bin version 5.3.4.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1cfc

Start Time: 01d3140723b21919

Termination Time: 9

Application Path: C:\Program Files\LibreOffice 5\program\soffice.bin

Report Id: 737353fa-7ffa-11e7-bef8-001e64ec2a92

Faulting package full name:

Faulting package-relative application ID:

Error: (08/13/2017 01:06:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wordpad.exe version 10.0.14393.1480 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1b38

Start Time: 01d31406e64435cc

Termination Time: 33

Application Path: C:\Program Files\Windows NT\Accessories\wordpad.exe

Report Id: 2adc28fa-7ffa-11e7-bef8-001e64ec2a92

Faulting package full name:

Faulting package-relative application ID:

Error: (08/13/2017 11:48:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0xa94
Faulting application start time: 0x01d313e89823a439
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: c21ba49a-6dc6-44a3-b732-ec38c928e85e
Faulting package full name:
Faulting package-relative application ID:

Error: (08/13/2017 11:40:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/13/2017 11:12:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DRScanner.exe, version: 3.0.0.1035, time stamp: 0x59771ddf
Faulting module name: ntdll.dll, version: 10.0.14393.1532, time stamp: 0x5965ad6c
Exception code: 0xc0000374
Fault offset: 0x000d9d71
Faulting process id: 0x10bc
Faulting application start time: 0x01d313e8a222ea5c
Faulting application path: C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: dcbdd53e-72ce-4e04-a7e7-235c3fff986e
Faulting package full name:
Faulting package-relative application ID:

Error: (08/13/2017 09:34:14 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (08/14/2017 08:55:16 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 2405:204:9108:b774:ed6e:8e56:4ca:b487 with the system
having network hardware address DE-94-CE-89-4A-E3. Network operations on this system may
be disrupted as a result.

Error: (08/14/2017 08:51:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/13/2017 10:11:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/13/2017 10:00:47 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 2405:204:9514:421e:ed6e:8e56:4ca:b487 with the system
having network hardware address 2A-4C-34-3A-99-36. Network operations on this system may
be disrupted as a result.

Error: (08/13/2017 09:20:40 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 2405:204:9703:3e7a:ed6e:8e56:4ca:b487 with the system
having network hardware address 12-DA-D8-CC-AE-B4. Network operations on this system may
be disrupted as a result.

Error: (08/13/2017 06:44:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/13/2017 06:22:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/13/2017 05:59:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/13/2017 05:54:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/13/2017 05:54:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.


CodeIntegrity:
===================================
  Date: 2017-08-14 09:22:59.914
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-08-14 09:07:59.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-08-14 08:51:22.628
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-08-13 21:59:22.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-08-13 21:47:06.039
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-08-13 21:30:43.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-08-13 21:20:44.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-08-13 21:12:57.839
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-08-13 20:43:14.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-08-13 20:28:14.116
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 45%
Total physical RAM: 8083.82 MB
Available physical RAM: 4400.35 MB
Total Virtual: 8595.82 MB
Available Virtual: 4484.23 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.57 GB) (Free:647.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4889B82E)

Partition: GPT.

==================== End of Addition.txt ============================

#2 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • OFFLINE
  • Local time:07:56 PM

Posted 15 August 2017 - 11:52 AM

Hello almasat,

My name is King_Yoshi and I will be helping you today.

If at any point you have any comments, questions or concerns, please do not hesitate to post them.

Allow me some time to review your post.

In the meantime please review the following rules.

Basic Rules:

1. First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts.
Please try to match our commitment to you with your patience toward us.
I try to reply as soon as possible. (Typically every 24-48 hours.)

2. Please do not run any tools or take any steps other than those I provide for you.
I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take.
If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

3. Please perform all steps in the order they are listed, in each set of instructions. Some steps may be a bit complicated.
If things are not clear, be sure to stop and let me know.

4. Please copy and paste all logs into your post, unless directed otherwise.
Please do not re-run any programs I suggest.
If you encounter problems simply stop and tell me.

5. When you post your reply, use the Reply button.

6. In the upper right hand corner of the topic you will see the topic-subscription button.
Please click on this then choose "Immediate E-Mail notification" and then "Proceed" and you will be sent an email once I have posted a response.

7. If you do not reply to your topic after 3 days I will bump the post. After 5 days of no reply we will assume it has been abandoned and I will close it.

8. When your computer is clean I will alert you of such.
I will also provide for you detailed information about how you can prevent and combat future infections.

#3 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • OFFLINE
  • Local time:07:56 PM

Posted 17 August 2017 - 06:07 PM

Updated Proposed Post


Hello almasat,

Thank you for your patience.

1.) Let's begin with a couple of questions.

1.) Do you know anything about the following auto start Dell Support Service?

Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP MOI971O

2.) I saw the following chrome extension installed; Yukon Extension
Did you install this extension?

2.) We need to run a FRST Fix

Step 1: Please download the attached fixlist.txt and save it in the same location that FRST is.
Attached File: fixlist.txt (131 bytes)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Step 2: Then open FRST and press the Fix button once and wait.
If for some reason the tool needs the computer to restart, please make sure you let the system restart normally, then let the tool complete its run.

Step 3: When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it into your next reply.

3.) Please download MiniToolBox, save it to your desktop and run it.

(1) Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

(2) A copy of MTB.txt will be saved in the same directory the tool is run.
Please copy and paste the contents of this file into your next post.


4.) Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
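A read-only PowerShell version of the items the MiniToolBox step above reports (DNS servers, hosts file contents, IE proxy settings, Winsock catalog), added here as an example; it is not part of King_Yoshi's instructions or of the MiniToolBox tool. It assumes Windows 10 with PowerShell 5.1 and an elevated prompt, reads the same Tcpip\Parameters DataBasePath value the FRST fix queries, and reports a missing hosts file explicitly, which is consistent with the DNS-Client EventID 1012 ("error while attempting to read the local hosts file") in the Addition.txt log. It changes nothing, so the tool's Reset options are still the way to clear a bad proxy setting.

```powershell
# Added example (not from the thread): read-only triage of the settings the
# MiniToolBox step reports. Assumes Windows 10 / PowerShell 5.1, run elevated.
$report = [ordered]@{}

# 1. DNS resolver configuration ("List IP configuration" in MiniToolBox).
$report.DnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { "$($_.InterfaceAlias): $($_.ServerAddresses -join ', ')" }

# 2. Hosts file. Windows looks for it under the DataBasePath value that the
#    FRST fixlist above queries, normally %SystemRoot%\System32\drivers\etc.
$tcpip     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$etcDir    = [Environment]::ExpandEnvironmentVariables($tcpip.DataBasePath)
$hostsPath = Join-Path $etcDir 'hosts'
if (Test-Path $hostsPath) {
    # Only non-blank, non-comment lines matter; a stock hosts file has none.
    $entries = Get-Content $hostsPath | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
    $report.HostsEntries = if ($entries) { $entries } else { '(no active entries)' }
} else {
    # An empty drivers\etc means the file is gone; DNS-Client may log EventID 1012.
    $report.HostsEntries = "MISSING: $hostsPath"
}

# 3. IE / WinINET proxy settings ("Report IE Proxy Settings").
#    A populated AutoConfigURL (PAC script) reroutes browser traffic just as a
#    proxy server does, so it is reported alongside ProxyServer.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$report.ProxyEnable   = [bool]$inet.ProxyEnable
$report.ProxyServer   = $inet.ProxyServer
$report.AutoConfigURL = $inet.AutoConfigURL

# 4. Winsock catalog ("List Winsock Entries"). Providers that are not the
#    built-in MSAFD/RSVP entries are worth a second look.
$report.WinsockProviders = (netsh winsock show catalog) |
    Where-Object { $_ -match '^\s*Description:' } |
    ForEach-Object { ($_ -split ':\s*', 2)[1].Trim() } |
    Sort-Object -Unique

$report
```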



#4 almasat

almasat
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:05:26 AM

Posted 18 August 2017 - 08:20 AM

Hello King_Yoshi

Thank you very much for your help. Much appreciated.
The answers to your questions:

1. I know some Dell services auto start but I am not sure exactly what this service does. I don't recognize it. I have never used Dell Remote support in case it's related to that.
2. Yes, I installed Yukon. I have been using Yukon extension for past three years without any problems.
3. I uninstalled uTorrent some time back, before I posted this post. I don't see it in the list of add/remove programs. I am not sure why it's showing up in logs.

The logs are as follows:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2017
Ran by Raj (18-08-2017 18:36:19) Run:1
Running from C:\Users\Raj\Desktop
Loaded Profiles: Raj (Available Profiles: Raj)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Reg: reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters

cmd: dir /s C:\Windows\System32\drivers\etc
*****************


========= reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
    DataBasePath    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\etc
    Domain    REG_SZ    
    ForwardBroadcasts    REG_DWORD    0x0
    ICSDomain    REG_SZ    mshome.net
    NameServer    REG_SZ    
    SyncDomainWithMembership    REG_DWORD    0x1
    HostName    REG_SZ    DESKTOP-MOI971O
    NV HostName    REG_SZ    DESKTOP-MOI971O
    SearchList    REG_SZ    
    UseDomainNameDevolution    REG_DWORD    0x1
    DeadGWDetectDefault    REG_DWORD    0x1
    DontAddDefaultGatewayDefault    REG_DWORD    0x0
    IPEnableRouter    REG_DWORD    0x0
    EnableICMPRedirect    REG_DWORD    0x1
    DhcpNameServer    REG_SZ    192.168.225.1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\DNSRegisteredAdapters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\NsiObjectSecurity
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\PersistentRoutes
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Winsock


========= End of Reg: =========


========= dir /s C:\Windows\System32\drivers\etc =========

 Volume in drive C is OS
 Volume Serial Number is 24C6-75B8

 Directory of C:\Windows\System32\drivers\etc

10-08-2017  18:56    <DIR>          .
10-08-2017  18:56    <DIR>          ..
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
               2 Dir(s)  696,695,721,984 bytes free

========= End of CMD: =========


==== End of Fixlog 18:36:19 ====

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Raj (administrator) on 18-08-2017 at 18:40:54
Running from "C:\Users\Raj\Desktop"
Microsoft Windows 10 Home Single Language  (X64)
Model: Inspiron 5559 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® Dual Band Wireless-AC 3160 = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-MOI971O
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : F8-CA-B8-57-57-D3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 00-1E-64-EC-2A-8F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3160
   Physical Address. . . . . . . . . : 00-1E-64-EC-2A-8E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2405:204:930f:be8d:ed6e:8e56:4ca:b487(Preferred)
   Temporary IPv6 Address. . . . . . : 2405:204:930f:be8d:919:b753:3e8c:26a8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::ed6e:8e56:4ca:b487%2(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.225.162(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 18 August 2017 08:27:53
   Lease Expires . . . . . . . . . . : 19 August 2017 05:48:43
   Default Gateway . . . . . . . . . : fe80::5c9a:1a61:4a36:af63%2
                                       192.168.225.1
   DHCP Server . . . . . . . . . . . : 192.168.225.1
   DHCPv6 IAID . . . . . . . . . . . : 33562212
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-40-F9-B0-F8-CA-B8-57-57-D3
   DNS Servers . . . . . . . . . . . : 192.168.225.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 00-1E-64-EC-2A-92
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3c62:97b:3f57:1e5d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3c62:97b:3f57:1e5d%6(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 100663296
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-40-F9-B0-F8-CA-B8-57-57-D3
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{05F48935-EE50-464D-B93F-E92CD0C5AD2F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  jiofi.local.html
Address:  192.168.225.1

Name:    google.com
Addresses:  2404:6800:4009:801::200e
      216.58.220.174


Pinging google.com [2404:6800:4009:801::200e] with 32 bytes of data:
Reply from 2404:6800:4009:801::200e: time=71ms
Reply from 2404:6800:4009:801::200e: time=69ms

Ping statistics for 2404:6800:4009:801::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 69ms, Maximum = 71ms, Average = 70ms
Server:  jiofi.local.html
Address:  192.168.225.1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      2001:4998:58:c02::a9
      98.139.180.149
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=403ms
Reply from 2001:4998:58:c02::a9: time=368ms

Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 368ms, Maximum = 403ms, Average = 385ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...f8 ca b8 57 57 d3 ......Realtek PCIe FE Family Controller
  7...00 1e 64 ec 2a 8f ......Microsoft Wi-Fi Direct Virtual Adapter
  2...00 1e 64 ec 2a 8e ......Intel® Dual Band Wireless-AC 3160
  9...00 1e 64 ec 2a 92 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.225.1  192.168.225.162     50
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
    192.168.225.0    255.255.255.0         On-link   192.168.225.162    306
  192.168.225.162  255.255.255.255         On-link   192.168.225.162    306
  192.168.225.255  255.255.255.255         On-link   192.168.225.162    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link   192.168.225.162    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link   192.168.225.162    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  2    306 ::/0                     fe80::5c9a:1a61:4a36:af63
  1    331 ::1/128                  On-link
  6    331 2001::/32                On-link
  6    331 2001:0:9d38:90d7:3c62:97b:3f57:1e5d/128
                                    On-link
  2    306 2405:204:930f:be8d::/64  On-link
  2    306 2405:204:930f:be8d:919:b753:3e8c:26a8/128
                                    On-link
  2    306 2405:204:930f:be8d:ed6e:8e56:4ca:b487/128
                                    On-link
  2    306 fe80::/64                On-link
  6    331 fe80::/64                On-link
  6    331 fe80::3c62:97b:3f57:1e5d/128
                                    On-link
  2    306 fe80::ed6e:8e56:4ca:b487/128
                                    On-link
  1    331 ff00::/8                 On-link
  2    306 ff00::/8                 On-link
  6    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

**** End of log ****



 



#5 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 19 August 2017 - 01:34 PM

Hello almasat,

 

Thank you for the logs and for your patience.
I have been looking over them and will be responding as soon as possible.



#6 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 21 August 2017 - 11:09 AM

Apologies for the delay. I am in the process of creating another fix for you.



#7 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 21 August 2017 - 02:27 PM

1.)
We need to run another FRST Fix

:step1: Please download the attached fixlist.txt and save it in the same location that FRST is.
Attached File: fixlist.txt (94 bytes)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

:step2: Then Open FRST and press the Fix button once and wait.
If for some reason the tool needs the computer to restart, please make sure you let the system restart normally, then let the tool complete its run.
FRST_Fix_Button.png

:step3: When finished, FRST will generate the following log (Fixlog.txt) in the same location the tool was run, please post it into your next reply.

 
2.)
We need to search for Files
All files in your "C:\Windows\System32\drivers\etc" directory seem to be missing. (Including your hosts file.)
We are going to run a search for backups of these files.

:step1: Please copy the text from the below code box and paste it into FRST's search box.

hosts;lmhosts.sam;networks;protocol;services

:step2: Then click on the "Search Files" button.

FRST_Search.png

:step3: A search.txt file will be generated. Please copy and paste its contents into your next post.



#8 almasat

almasat
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 22 August 2017 - 04:32 AM

Thank you. Some updates.

For the last 3-4 days, I have not seen the change in location to Ukraine.

I am still getting the error in event logs about TCPIP. In addition, every morning when I start the laptop, it downloads about 50-150 MB. Not sure if this is updates or something else. I have turned off automatic updates for Windows.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Raj (22-08-2017 14:59:52) Run:2
Running from C:\Users\Raj\Desktop
Loaded Profiles: Raj (Available Profiles: Raj)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP MOI971O
*****************

C:\WINDOWS\Tasks\RunDLC.job => moved successfully

==== End of Fixlog 14:59:52 ====

 

Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Raj (22-08-2017 15:00:36)
Running from C:\Users\Raj\Desktop
Boot Mode: Normal

================== Search Files: "hosts;lmhosts.sam;networks;protocol;services" =============

C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\hosts
[2016-07-16 17:12][2016-07-16 17:12] 000000824 _____ () 3688374325B992DEF12793500307566D [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\networks
[2016-07-16 17:12][2016-07-16 17:12] 000000407 _____ () B65A1232FB4B35827CE7C5E2F8EC8947 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\protocol
[2016-07-16 17:12][2016-07-16 17:12] 000001358 _____ () 7700D22FA108234E623D65FA72D9E29C [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\services
[2016-07-16 17:12][2016-07-16 18:02] 000003998 _____ () FBB1AF2D54D04362629A036256472350 [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-lmhsvc_31bf3856ad364e35_10.0.14393.0_none_803553e20708df4a\lmhosts.sam
[2016-07-16 17:12][2016-07-16 17:12] 000003683 _____ () 18413B90E1B291EC3E777A845C37CFEE [File is digitally signed]

C:\Users\Raj\AppData\Roaming\Microsoft\MMC\services
[2016-08-25 23:36][2017-07-03 17:02] 000093529 _____ () 5E1E054FBD34F825A7307FD2B9BB1ABE [File not signed]

C:\Recovery\etc\hosts
[2015-10-30 12:54][2015-10-30 12:51] 000000824 _____ () 3688374325B992DEF12793500307566D [File is digitally signed]

C:\Recovery\etc\lmhosts.sam
[2016-07-16 17:17][2016-07-16 17:15] 000003683 _____ () 18413B90E1B291EC3E777A845C37CFEE [File is digitally signed]

C:\Recovery\etc\networks
[2015-10-30 12:54][2015-10-30 12:51] 000000407 _____ () B65A1232FB4B35827CE7C5E2F8EC8947 [File is digitally signed]

C:\Recovery\etc\protocol
[2015-10-30 12:54][2015-10-30 12:51] 000001358 _____ () 7700D22FA108234E623D65FA72D9E29C [File is digitally signed]

C:\Recovery\etc\services
[2015-10-30 12:54][2015-10-30 12:51] 000017463 _____ () D9E1A01B480D961B7CF0509D597A92D6 [File is digitally signed]

C:\Program Files\Wireshark\services
[2017-07-19 22:28][2017-07-19 22:28] 000968658 _____ () A24EF37431810D91B6A2F29D1D1BFCC9 [File not signed]

====== End of Search ======



#9 almasat

almasat
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 22 August 2017 - 10:23 PM

I have also started getting this new error in event log.

 

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.



#10 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 22 August 2017 - 10:28 PM

Thank you for the logs.

 

I am still getting the error in event logs about TCPIP.

Since the errors are created by IPV6, we could disable IPV6 and see if they still appear. (This way you would only be connected on IPV4.)

 

In addition, every morning when I start the laptop, it downloads about 50-150 MB. Not sure if this is updates or something else. I have turned off automatic updates for Windows.

Are you still getting the downloads after you turned off Windows updater?

 

 

We need to run another FRST Fix

:step1: Please download the attached fixlist.txt and save it in the same location that FRST is.
Attached File: fixlist.txt (872 bytes)

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

:step2: Then Open FRST and press the Fix button once and wait.
If for some reason the tool needs the computer to restart, please make sure you let the system restart normally, then let the tool complete its run.
FRST_Fix_Button.png

:step3: When finished, FRST will generate the following log (Fixlog.txt) in the same location the tool was run, please post it into your next reply.



#11 almasat

almasat
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 23 August 2017 - 01:23 AM

Are you still getting the downloads after you turned off Windows updater?

 

What happens is I start Windows, check mail and some social media. If I then check the data usage, it's usually between 50-150 MB, sometimes even without any surfing. I am not sure if this is any of the antiviruses like Emsisoft updating.

 

The Ukraine thing is back. Here is a screenshot.

 

Attached File: ukraine1.jpg (142.72KB)
 
The VPN is showing IP location as Canada but the web address is google.com.ua and the location is Kyiv. IP locator websites also show location as Canada. I also got one login from Ukraine in my Facebook log but no warning from Facebook. This only happens when I am using VPN connections.
 
I will post logs in next post.

 


Edited by almasat, 23 August 2017 - 07:39 AM.


#12 almasat

almasat
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 23 August 2017 - 01:25 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Raj (23-08-2017 11:55:28) Run:3
Running from C:\Users\Raj\Desktop
Loaded Profiles: Raj (Available Profiles: Raj)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: copy C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\hosts C:\Windows\System32\drivers\etc\hosts
CMD: copy C:\Windows\WinSxS\amd64_microsoft-windows-lmhsvc_31bf3856ad364e35_10.0.14393.0_none_803553e20708df4a\lmhosts.sam C:\Windows\System32\drivers\etc\lmhosts.sam
CMD: copy C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\networks C:\Windows\System32\drivers\etc\networks
CMD: copy C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\protocol C:\Windows\System32\drivers\etc\protocol
CMD: copy C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\services C:\Windows\System32\drivers\etc\services
*****************


========= copy C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\hosts C:\Windows\System32\drivers\etc\hosts =========

        1 file(s) copied.

========= End of CMD: =========


========= copy C:\Windows\WinSxS\amd64_microsoft-windows-lmhsvc_31bf3856ad364e35_10.0.14393.0_none_803553e20708df4a\lmhosts.sam C:\Windows\System32\drivers\etc\lmhosts.sam =========

        1 file(s) copied.

========= End of CMD: =========


========= copy C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\networks C:\Windows\System32\drivers\etc\networks =========

        1 file(s) copied.

========= End of CMD: =========


========= copy C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\protocol C:\Windows\System32\drivers\etc\protocol =========

        1 file(s) copied.

========= End of CMD: =========


========= copy C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\services C:\Windows\System32\drivers\etc\services =========

        1 file(s) copied.

========= End of CMD: =========


==== End of Fixlog 11:55:29 ====
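Post #7 found every file in C:\Windows\System32\drivers\etc missing, and the fix above restores them from the WinSxS component store. An added PowerShell check (not from this thread or from FRST) that a defender can run afterwards: it hashes each restored file, compares it against the component-store copies it can find, and lists any active hosts entries so they can be reviewed. It assumes Windows 10 x64, an elevated prompt, and the `amd64_microsoft-windows-*` component directory layout seen in the search results above; the function names are my own.

```powershell
# Added example: verify the drivers\etc files restored from WinSxS and
# surface any non-default hosts entries. Assumes Windows 10 x64, run as
# Administrator. Function names are hypothetical (not FRST commands).

$etcDir   = Join-Path $env:SystemRoot 'System32\drivers\etc'
$winSxS   = Join-Path $env:SystemRoot 'WinSxS'
$expected = 'hosts', 'lmhosts.sam', 'networks', 'protocol', 'services'

function Get-ReferenceCopyPaths {
    param([string]$Name)
    # The component store keeps pristine copies of these files directly
    # inside directories named after the owning component (as the FRST
    # search in this thread shows). Enumerate those directories by name
    # rather than recursing the whole store, which is far slower.
    Get-ChildItem -Path $winSxS -Directory -Filter 'amd64_microsoft-windows-*' -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName $Name } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf }
}

function Test-EtcFile {
    param([string]$Name)
    $live   = Join-Path $etcDir $Name
    $result = [ordered]@{ File = $Name; Present = (Test-Path -LiteralPath $live); Status = 'MISSING'; MD5 = '' }
    if (-not $result.Present) { return [pscustomobject]$result }

    # MD5 is used only so the value can be compared with FRST's search
    # output, which prints MD5; it is an identity check, not a security primitive.
    $liveHash = (Get-FileHash -LiteralPath $live -Algorithm MD5).Hash
    $refHashes = @(Get-ReferenceCopyPaths -Name $Name |
        ForEach-Object { (Get-FileHash -LiteralPath $_ -Algorithm MD5).Hash } |
        Sort-Object -Unique)

    if ($refHashes.Count -eq 0) {
        $result.Status = 'no reference copy found in WinSxS'
    } elseif ($refHashes -contains $liveHash) {
        $result.Status = 'matches a component-store copy'
    } else {
        # Not necessarily malicious: the thread's own "services" file differs
        # between WinSxS and the recovery image. Review, do not auto-replace.
        $result.Status = 'DIFFERS from every component-store copy (review)'
    }
    $result.MD5 = $liveHash
    [pscustomobject]$result
}

function Get-ActiveHostsEntries {
    # Return every uncommented, non-blank hosts line as address + names.
    # A default Windows hosts file has no active entries at all, so anything
    # listed here was added by software or by hand and deserves a look.
    $hosts = Join-Path $etcDir 'hosts'
    if (-not (Test-Path -LiteralPath $hosts)) { return @() }
    Get-Content -LiteralPath $hosts |
        ForEach-Object { ($_ -split '#')[0].Trim() } |
        Where-Object { $_ -ne '' } |
        ForEach-Object {
            $parts = $_ -split '\s+'
            [pscustomobject]@{
                Address = $parts[0]
                Names   = ($parts | Select-Object -Skip 1) -join ' '
            }
        }
}

# Report on the five files the thread restored.
$expected | ForEach-Object { Test-EtcFile -Name $_ } | Format-Table -AutoSize

# Then show what the hosts file actually resolves locally.
$entries = @(Get-ActiveHostsEntries)
if ($entries.Count -eq 0) {
    'hosts file has no active entries (the Windows default).'
} else {
    'Active hosts entries (confirm each one is yours):'
    $entries | Format-Table -AutoSize
}
```

A restored file that matches a component-store copy is the expected outcome; any active hosts entry pointing well-known domains elsewhere is what to look for after a suspected redirect problem.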



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:56 PM

Posted 25 August 2017 - 08:28 AM

Reposted by Oh My!

1.)


The Ukraine thing is back. Here is a screenshot.


The VPN is showing IP location as Canada but the web address is google.com.ua and the location is Kyiv. IP locator websites also show location as Canada. I also got one login from Ukraine in my Facebook log but no warning from Facebook. This only happens when I am using VPN connections.

I believe your VPN is in fact working properly. This has to do with Google not being 100% reliable when it comes to knowing your location. This is also why everything goes back to normal when you turn off the VPN.
I would suggest reading this article regarding Google's location services. (These services are what Google uses to redirect you to their country-specific homepage.)

2.)

What happens is I start Windows, check mail and some social media. If I then check the data usage, it's usually between 50-150 MB, sometimes even without any surfing. I am not sure if this is any of the antiviruses like Emsisoft updating.

The following page contains a couple of free programs you can use to monitor your network.
This way you can find out which program is causing the bandwidth usage.

3.)
Let's try disabling your IPV6. This should stop all the errors from happening, since you will still connect via IPV4.
1.) Go to the Cortana search menu, type in "View Network Connections" and click on it when it shows up.
2.) Once your Network Connections window is open, please right click on the network called "Wireless LAN adapter Wi-Fi" and select "Properties".
3.) Once in "Properties", please uncheck the option for IPV6 then click OK.
disable_ipv6.png

Edited by Oh My!, 25 August 2017 - 08:30 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:56 PM

Posted 25 August 2017 - 08:29 AM

User post moved by Oh My!

The Ukraine thing is back. Here is a screenshot.

I believe your VPN is in fact working properly. This has to do with Google not being 100% reliable when it comes to knowing your location. This is also why everything goes back to normal when you turn off the VPN.
I would suggest reading this article regarding Google's location services. (These services are what Google uses to redirect you to their country-specific homepage.)

Two things bother me. First, no matter the location of the servers, Google always shows Kyiv. And Facebook also showed the same. As far as I remember I have never used VPN for logging in to Facebook. Secondly, I would have been much relieved if the location was anywhere else but Ukraine.

 

The following page contains a couple of free programs you can use to monitor your network. This way you can find out which program is causing the bandwidth usage.

I installed netguard from this page and ESET scanner flagged it as infected. (The other file is the CCleaner setup.)

C:\Users\Raj\Downloads\ccsetup533.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Raj\Downloads\netguard.exe Win32/Somoto.Q potentially unwanted application

I uploaded netguard.exe to VirusTotal and four engines flagged it.

Am I infected?

I have turned off IPV6

Edited by Oh My!, 25 August 2017 - 08:29 AM.


#15 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 26 August 2017 - 12:07 AM

1.)

Two things bother me. First, no matter the location of the servers, Google always shows Kyiv. And Facebook also showed the same. As far as I remember I have never used VPN for logging in to Facebook. Secondly, I would have been much relieved if the location was anywhere else but Ukraine.

Since this issue persists when using that specific VPN, you may want to try a different VPN.
There is not much more I can do on my end, since troubleshooting a specific program or addon is a bit out of scope of what we do here.

2.)

I installed netguard from this page and ESET scanner flagged it as infected. (The other file is the CCleaner setup.)

C:\Users\Raj\Downloads\ccsetup533.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Raj\Downloads\netguard.exe Win32/Somoto.Q potentially unwanted application

I uploaded netguard.exe to VirusTotal and four engines flagged it.

Am I infected?

No you are not infected.
Sometimes these programs come bundled with Potentially Unwanted Programs, which is why it was flagged.

C:\Users\Raj\Downloads\netguard.exe Win32/Somoto.Q potentially unwanted application

If you ever download a file that you know is clean and it was flagged by ESET, you can always restore it from quarantine. But be sure that it is clean first.
Uploading it to VirusTotal, like you did, is great practice. :)

I downloaded and tested this program from Majorgeeks, since the download on the official website was down for me. (It was working yesterday, so I am not sure what happened.)

3.)

I have turned off IPV6

Great. This should take care of those errors.





